- From: Timothy Hahn <hahnt@us.ibm.com>
- Date: Thu, 24 May 2007 09:34:12 -0400
- To: public-wsc-wg@w3.org
- Message-ID: <OFEB90411E.8822D422-ON852572E5.00446752-852572E5.004A8AD1@us.ibm.com>
Hi,
At the risk of sounding "big brother-ish", I think this type of thing
points out that relying on humans to make such decisions isn't always the
right answer either. As Thomas hinted - some folks might have known
better but were curious enough (possibly working as security
practitioners) that they decided to "take the plunge/click".
I suspect our candidate recommendations may NOT have flagged anything at
issue with this particular test/link ... since the test sounds like it was
innocuous anyway. And thus, our users would take this for what it was ...
either a prank or a social engineering/psychology test. If, however, the
thing at the end of the link were somehow deemed/determined "suspicious",
I am hoping that at least one of our candidate recommendations would have
kicked in and either indicated something to the human or at least
avoided/blocked the suspicious processing on the human's interaction
device (where the user agent is running).
Regards,
Tim Hahn
IBM Distinguished Engineer
Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Durham/IBM@IBMUS
phone: 919.224.1565 tie-line: 8/687.1565
fax: 919.224.2530
"Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>
Sent by: public-wsc-wg-request@w3.org
05/23/07 04:47 PM
To: wdoyle@mitre.org
cc: public-wsc-wg@w3.org
Subject: Re: people will click on anything
It does seem to define an upper bound on what we can hope to get all users
to do to preserve their security (even with the questions about how many
of them were informed security types trying it out).
Mez
Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect
"Doyle, Bill" <wdoyle@mitre.org>
Sent by: public-wsc-wg-request@w3.org
05/23/2007 04:27 PM
To: <public-wsc-wg@w3.org>
cc:
Subject: people will click on anything
This seemed to follow the discussion today that people don't look at
anything and will click through - so what do you do, hot wire the chair?
Put an explosive charge in the mouse?
Not sure if this has made the rounds, I pulled it off a MITRE infosec list
http://www.eweek.com/article2/0,1895,2132447,00.asp
Received on Thursday, 24 May 2007 13:34:54 UTC